Tuesday, May 27, 2014

Monitoring, Auditing, and Maintaining Your AD database in 2008.

Here we will use some tools to check what's going on:

1) Task Manager - For real-time, immediate gratification when observing what's going on in your server.
2) Event Viewer - An easy way to view the logs created by the various monitoring tools.
3) Performance Monitor - A true classic; Performance Monitor allows granular tracking.
4) Reliability Monitor - Watches and tracks changes in your system over time.
5) Data Collector Sets - Probably the easiest way to keep track of what's going on in your system!

*Auditing policies are optional settings in Group Policy for DCs that allow you to keep detailed track of changes made to your AD.
*Not only can they track changes, but also who made the change, what the object was before the change, and what the object is now.

There are two steps to setting this up, and you can't do one without the other!

To set up Auditing:
*You have to enable an auditing policy (specifically Audit directory service access) on either the Default Domain Controllers Policy or the Default Domain Policy.
*Then, you have to turn on the auditing component on the objects you want to audit.

Steps:
Open Group Policy Management > Default Domain Policy > right click > Edit policy > Computer Configuration > Security Settings > Local Policies > Audit Policy > Audit directory service access > check mark Success and Failure (this security setting determines whether to audit the event of a user accessing an AD object that has its own system access control list (SACL) specified) > OK.

Now open AD Users and Computers > select NewYourOU (the main OU) > Properties > Security tab (to get this tab you need to enable Advanced Features from the Tools menu) > click on Advanced > Auditing > Add > type Authenticated Users > check mark Successful and Failed for the "Write all properties" option > OK.

Once you have configured the settings above, whatever you do in NewYourOU (for example, creating a user, deleting it, or modifying its settings) can be tracked through Event Viewer.

How to Defrag your AD
*Running regular maintenance on the AD database reclaims disk space, makes the database file more efficient (and sometimes faster!), and checks for any weirdness that might occur.

*When stuff gets deleted out of your AD database, the database file itself doesn't get any smaller.
*It's time to bust out the NTDSUTIL command again! Here are some crucial commands:
-Activate instance NTDS - Your beginning command.
-Files - The "context" that makes the following commands available. (When you type the Files command you will be asked to stop AD Domain Services, so you need to go to Services and stop it.)

You can type help for more commands.

a) Compact - Defrags the database (and "creates a copy of the NTDS.dit file"). Type compact to drivename:\ ex: compact to c:\
Once the command completes, you will be asked to copy "c:\ntds.dit" "c:\windows\ntds.dit" and delete the old log files: del C:\windows\NTDS\*.log
b) Integrity - Checks database integrity.
c) Semantic database analysis - An NTDSUTIL tool that analyzes and checks your database for consistency.
Once all the commands have completed, you can start AD Domain Services again from Services.
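The whole Files sequence above (stop AD DS, compact, copy, delete logs, integrity, semantic analysis, restart), scripted as an added example of my own rather than something from the original post. It assumes the default database path under $env:SystemRoot\NTDS, uses C:\Temp and C:\NTDSBackup as scratch and backup folders, and the "Integrity check successful" string it looks for is assumed from ntdsutil's output:

```powershell
# Added example (not from the original post): offline defrag of NTDS.dit with
# ntdsutil, scripted for an elevated PowerShell session on the 2008 DC itself.
# Assumed: default database path $env:SystemRoot\NTDS, and C:\Temp / C:\NTDSBackup
# as scratch and backup folders (both are assumptions, not from the page).
$NtdsDir = Join-Path $env:SystemRoot 'NTDS'
$Dit     = Join-Path $NtdsDir 'ntds.dit'
$TempDir = 'C:\Temp'
$Backup  = 'C:\NTDSBackup'
foreach ($d in $TempDir, $Backup) { New-Item -ItemType Directory -Path $d -Force | Out-Null }

# 1. Remember which dependents (KDC, DNS, ...) are running, then stop AD DS.
#    -Force stops those dependents too, which is what the ntdsutil prompt asks for.
$deps = (Get-Service -Name NTDS).DependentServices | Where-Object { $_.Status -eq 'Running' }
Stop-Service -Name NTDS -Force
(Get-Service -Name NTDS).WaitForStatus('Stopped')

# 2. Keep the original database and logs so a failed compaction can be rolled back.
Copy-Item -Path (Join-Path $NtdsDir '*') -Destination $Backup -Force

# 3. Compact: each quoted string is one line you would type at the ntdsutil prompt.
#    ntdsutil writes the defragmented copy to $TempDir\ntds.dit.
& ntdsutil "activate instance ntds" "files" "compact to $TempDir" "quit" "quit"
$Compacted = Join-Path $TempDir 'ntds.dit'
if (-not (Test-Path $Compacted)) { throw "compaction produced no file; AD DS left stopped" }

# 4. Swap in the compacted file and delete the old transaction logs, as ntdsutil instructs.
Copy-Item -Path $Compacted -Destination $Dit -Force
Remove-Item -Path (Join-Path $NtdsDir '*.log') -Force

# 5. Integrity check on the new file. Only restart AD DS when ntdsutil reports success;
#    otherwise restore from $Backup. (The success string is assumed from ntdsutil's output.)
$result = & ntdsutil "activate instance ntds" "files" "integrity" "quit" "quit" 2>&1
if (-not ($result -match 'Integrity check successful')) {
    throw "integrity check failed; restore $Backup\* to $NtdsDir before starting NTDS"
}

# 6. Semantic database analysis ("go" runs it without fixing anything), then bring
#    AD DS and the dependents that were running back up.
& ntdsutil "activate instance ntds" "semantic database analysis" "go" "quit" "quit"
Start-Service -Name NTDS
$deps | Start-Service
```

Run it in a maintenance window; if the integrity step throws, the script leaves AD DS stopped on purpose so you can copy the backed-up files back before restarting.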

Notes:
*NTDS.dit - The actual database file that holds your AD objects.
*Compact - The process of recovering disk space by removing empty space and repositioning data on the disk for optimum read time. (Also known as defragging.)
*Integrity - A database is said to have integrity when all of the records hold exactly what they're supposed to hold.
